Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/dI5t3Vr_ILbrWJNymm7USb9IXXU.roa
File:                     dI5t3Vr_ILbrWJNymm7USb9IXXU.roa (raw, json)
Hash identifier:          20Cqxtv7lowf4aBDDIJ6VsmGKWy5nC2XcQEisBRDWFI=
Subject key identifier:   74:8E:6D:DD:5A:FF:20:B6:EB:58:93:72:9A:6E:D4:49:BF:48:5D:75
Certificate issuer:       /CN=e5e8a815fd358ae76d274b045b0a715bd51c6278
Certificate serial:       018FCF3FAC1E0DDDE6438601971142EF022A
Authority key identifier: E5:E8:A8:15:FD:35:8A:E7:6D:27:4B:04:5B:0A:71:5B:D5:1C:62:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5eioFf01iudtJ0sEWwpxW9UcYng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/dI5t3Vr_ILbrWJNymm7USb9IXXU.roa
Signing time:             Fri 31 May 2024 15:23:27 +0000
ROA not before:           Fri 31 May 2024 15:23:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52092
IP address blocks:        91.227.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/5eioFf01iudtJ0sEWwpxW9UcYng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/5eioFf01iudtJ0sEWwpxW9UcYng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5eioFf01iudtJ0sEWwpxW9UcYng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:cf:3f:ac:1e:0d:dd:e6:43:86:01:97:11:42:ef:02:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e8a815fd358ae76d274b045b0a715bd51c6278
        Validity
            Not Before: May 31 15:23:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=748e6ddd5aff20b6eb5893729a6ed449bf485d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fe:be:63:53:c7:fb:96:d5:f0:0e:50:8c:c1:
                    49:d8:fb:e6:2a:c5:c2:06:a5:44:33:60:05:c4:c3:
                    c5:ee:9e:71:6a:dc:6d:9a:8c:31:f1:66:b3:4a:74:
                    8d:4c:f4:6f:d2:8b:c5:49:05:cd:78:cc:af:7e:3d:
                    95:d5:5f:19:70:e8:e5:1c:8f:70:ba:a5:d3:45:d1:
                    00:84:cf:d3:27:ba:1d:51:ff:9d:d8:8c:4d:bc:74:
                    b8:6e:dd:8f:f7:dc:93:08:91:94:a2:39:58:7c:8f:
                    fd:7f:bd:12:b3:0b:96:4e:9a:fa:1d:d0:44:c3:05:
                    bc:e4:73:fd:e3:25:57:5e:3d:1c:28:db:b3:6a:9d:
                    2f:6d:ab:6b:d1:f5:29:a3:48:fb:c2:12:bb:93:bb:
                    c5:7e:48:86:b3:81:6d:e4:79:d7:2e:07:47:76:dd:
                    f5:9c:71:ac:2c:fd:e5:b3:4d:bb:c9:21:8b:21:08:
                    a1:45:78:08:3e:37:f1:b1:91:7d:42:89:80:63:71:
                    c6:e5:f3:da:08:c8:44:ce:a4:25:1b:30:cf:0c:b1:
                    68:52:0b:66:46:b7:ba:c6:6c:30:ae:1a:ce:8d:d8:
                    fa:4c:85:9a:d9:39:60:7d:76:da:bf:c6:68:6d:78:
                    d5:30:72:e0:aa:41:f9:2d:c5:b9:67:4d:72:bd:a0:
                    da:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:8E:6D:DD:5A:FF:20:B6:EB:58:93:72:9A:6E:D4:49:BF:48:5D:75
            X509v3 Authority Key Identifier:
                keyid:E5:E8:A8:15:FD:35:8A:E7:6D:27:4B:04:5B:0A:71:5B:D5:1C:62:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5eioFf01iudtJ0sEWwpxW9UcYng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/dI5t3Vr_ILbrWJNymm7USb9IXXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/923e78-78a7-4d97-9a7c-786de3d1abe4/1/5eioFf01iudtJ0sEWwpxW9UcYng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:80:e1:6f:e7:cb:e5:91:4a:32:26:38:a6:fe:e1:5e:47:6a:
         7a:a4:28:dd:43:d2:c6:e9:7c:f5:85:d9:d6:5a:61:24:fa:8e:
         62:f3:f7:d6:90:50:ef:ff:fc:92:9e:77:55:39:dd:a1:ab:90:
         46:c1:12:3e:8a:dc:aa:4c:2a:f5:be:8a:bb:52:88:aa:95:5c:
         87:09:45:9e:b2:fc:27:c8:7e:48:91:5b:1f:fa:86:b4:3c:cc:
         d4:82:5d:20:0b:b0:03:d2:08:bb:98:8e:cc:62:8d:ae:49:9a:
         12:bc:d6:ea:9a:40:4b:3d:e2:7b:e6:98:47:23:16:1e:a7:7a:
         b3:6f:40:cf:4f:9b:e1:8a:ac:c3:fd:f3:92:ef:f1:39:5b:8e:
         09:24:d9:b3:a5:a6:75:1e:4a:38:e1:55:09:2e:d6:d7:6f:73:
         9a:f6:60:ea:0d:e6:45:9d:6f:d2:15:0f:07:09:0b:f0:0d:e4:
         57:07:72:0c:16:41:5b:20:b8:ec:9e:ad:29:e1:2d:59:16:dd:
         27:a4:59:d3:ce:09:71:39:5d:e7:7f:01:ca:c9:87:4b:15:d7:
         69:c3:23:02:2f:a9:c3:ec:f4:b2:a1:8c:1f:ea:dd:15:70:67:
         5d:8b:92:7f:0b:2c:8f:06:90:a3:c2:ea:21:aa:88:9e:c0:b2:
         6f:8b:f7:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/PP6weDd3mQ4YBlxFC7wIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZThhODE1ZmQzNThhZTc2ZDI3NGIwNDViMGE3MTViZDUx
YzYyNzgwHhcNMjQwNTMxMTUyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDhlNmRkZDVhZmYyMGI2ZWI1ODkzNzI5YTZlZDQ0OWJmNDg1ZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtf6+Y1PH+5bV8A5QjMFJ2PvmKsXC
BqVEM2AFxMPF7p5xatxtmowx8WazSnSNTPRv0ovFSQXNeMyvfj2V1V8ZcOjlHI9w
uqXTRdEAhM/TJ7odUf+d2IxNvHS4bt2P99yTCJGUojlYfI/9f70SswuWTpr6HdBE
wwW85HP94yVXXj0cKNuzap0vbatr0fUpo0j7whK7k7vFfkiGs4Ft5HnXLgdHdt31
nHGsLP3ls027ySGLIQihRXgIPjfxsZF9QomAY3HG5fPaCMhEzqQlGzDPDLFoUgtm
Rre6xmwwrhrOjdj6TIWa2TlgfXbav8ZobXjVMHLgqkH5LcW5Z01yvaDaHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSObd1a/yC261iTcppu1Em/SF11MB8GA1UdIwQY
MBaAFOXoqBX9NYrnbSdLBFsKcVvVHGJ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVpb0ZmMDFpdWR0SjBzRVd3cHhXOVVjWW5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85MjNlNzgtNzhhNy00ZDk3LTlhN2Mt
Nzg2ZGUzZDFhYmU0LzEvZEk1dDNWcl9JTGJyV0pOeW1tN1VTYjlJWFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85MjNlNzgtNzhhNy00ZDk3LTlhN2MtNzg2ZGUzZDFhYmU0
LzEvNWVpb0ZmMDFpdWR0SjBzRVd3cHhXOVVjWW5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+OGMA0G
CSqGSIb3DQEBCwUAA4IBAQCZgOFv58vlkUoyJjim/uFeR2p6pCjdQ9LG6Xz1hdnW
WmEk+o5i8/fWkFDv//ySnndVOd2hq5BGwRI+ityqTCr1voq7UoiqlVyHCUWesvwn
yH5IkVsf+oa0PMzUgl0gC7AD0gi7mI7MYo2uSZoSvNbqmkBLPeJ75phHIxYep3qz
b0DPT5vhiqzD/fOS7/E5W44JJNmzpaZ1Hko44VUJLtbXb3Oa9mDqDeZFnW/SFQ8H
CQvwDeRXB3IMFkFbILjsnq0p4S1ZFt0npFnTzglxOV3nfwHKyYdLFddpwyMCL6nD
7PSyoYwf6t0VcGddi5J/CyyPBpCjwuohqoiewLJvi/dR
-----END CERTIFICATE-----